A dynamic AES cryptosystem based on memristive neural network

This paper proposes an advanced encryption standard (AES) cryptosystem based on memristive neural network. A memristive chaotic neural network is constructed by using the nonlinear characteristics of a memristor. A chaotic sequence, which is sensitive to initial values and has good random characteristics, is used as the initial key of AES grouping to realize "one-time-one-secret" dynamic encryption. In addition, the Rivest-Shamir-Adleman (RSA) algorithm is applied to encrypt the initial values of the parameters of the memristive neural network. The results show that the proposed algorithm has higher security, a larger key space and stronger robustness than conventional AES. The proposed algorithm can effectively resist initial key-fixed and exhaustive attacks. Furthermore, the impact of device variability on the memristive neural network is analyzed, and a circuit architecture is proposed.


Scientific Reports
| (2022) 12:12983 | https://doi.org/10.1038/s41598-022-13286-y www.nature.com/scientificreports/ device and the noise immunity of the network, and the results proved that MTCNN has good anti-interference characteristics. Finally, the circuit level architecture is proposed and simulated successfully, which proves it can be implemented in hardware.

Background and methodology
AES. Rijndael was chosen as the advanced encryption standard by the National Institute for Standards and Technology (NIST) because of its elegance, efficiency and security in 2000. AES is a symmetric encryption algorithm with a block length of 128-bit. The numbers of encryption rounds are related to the key lengths and are 10 rounds for a 128-bit key, 12 rounds for a 192-bit key and 14 rounds for a 256-bit key. Each round of AES encryption mainly includes SubBytes, ShiftRows, MixColumns and AddRoundKey. AddRoundKey, which applies XOR operation between the input state matrix and the key, is the most important step. The traditional AES system generates each round key by a fixed key expansion.
MTCNN. MTCNN is designed and implemented by introducing a memristor into a transient chaotic neural network (TCNN), which has great self-control when switching between chaotic and steady states, and it is described as 35 : where x i is the output of neuron i , y i is an internal state of neuron i , z i is the self-feedback connection weight of neuron i ( z i >0), w ij is the connection weight between neuron j and neuron I , α is a positive scaling parameter for inputs ( α>0), k is a damping factor of the neuronal membrane (0 < k<1), ε is a steepness parameter of the output function ( ε>0), M 0 denotes the initial resistances of the memristor, b and c are the scaling parameters, ϕ is the magnetic flux of the memristor, dϕ dt = c · x i (t) , and k m is the initial value of the memristor. T h e s e t t i n g s o f v a r i o u s p a r a m e t e r s c a n b e f o u n d i n 3 5 . M 0 = 1100, k = 0.9, 1 ε = 800, I 0 = 0.65, k m = 10 9 , b = 100, c = 1.25 × 10 −5 , andy 0 = 0.5 . This work aims to improve the AES algorithm with MTCNN. It requires prolonging the chaotic state of the system to generate chaotic sequences. As shown in Fig. 1, the period of the chaotic state can be controlled by the parameters. When increasing ε or decreasing k m , the duration of chaos becomes significantly longer. Figure 1 shows that the number of iterations of chaos could increase from 2000 to 8500 within 1/ε from 500 to 1000 or k m from 3 × 10 9 to 0.65 × 10 9 .
Dynamic AES using MTCNN. The MTCNN model is introduced to change the encryption key every round, as shown in Fig. 2. The plaintext is encrypted with AES, and the parameters of the key generated by the chaotic neural network are encrypted with RSA. The chaotic sequence generated by MTCNN can be used as a key for each round of encryption and decryption.
The chaotic sequence generated by MTCNN realizes key generation through the following process, as shown in Fig. 3. Firstly, 16 floating-point numbers with values between 0 and 1 are randomly selected by 16 iterations in the chaotic period. Then, 6 to 10 digits after the decimal point of every floating-point number are taken, and are divided by 256 to obtain an integer in [0, 255]. By converting the decimal system into a binary system, each integer in [0, 255] is converted into an 8-bit binary number, and finally, 16 integers can be used to obtain a 128bit sequence, i.e., a 128-bit key.
As a chaotic neural network is sensitive to the initial value, with a slight modification in the initial value each time, a different nonduplicate key sequence can be obtained and conformed to the key standard. The key generated from each initial value can be used for one round of AES encryption, and ten initial values can complete one round AES block encryption.

Results and analyses
We examine image and text encryption and decryption by the proposed algorithm. The encryption parameters are set as mentioned above.
Histogram analysis of image encryption. As shown in Fig. 4, this system successfully realizes the encryption and decryption of the greyscale images (256 × 256) "Cameraman" and "Chemical plant". Their histograms before encryption and after encryption by the proposed AES model and conventional AES model are presented. The histograms of the original images have a nonuniform distribution and vary widely, while the pixel values of the encrypted images are distributed uniformly. Compared with conventional AES, the proposed algorithm has better balance and smaller variations. This demonstrates that the proposed algorithm has better security and can resist statistical attacks more efficiently. However, the computing time of the proposed algorithm is a little long due to the high complexity.  where R S 1 ,S 2 is the cross-correlation of sequences S 1 and S 2 ; S 1 and S 2 are the sequence means; and m is the correlation interval. When S 1 = S 2 , the above equation becomes an autocorrelation function. It can be confirmed that the chaotic sequence generated by MTCNN has good randomness, as shown in Fig. 5a. When m = 0 , the autocorrelation function is equal to 0.25, and when m is not equal to 0, the autocorrelation function tends to be zero. The whole autocorrelation function is close to the δ function and is quasi-random. Moreover, by measuring the frequency of the chaotic sequence, the average value of the balance degree of the chaotic sequence is 49.76%. This means that the "0" and "1" sequences of the chaotic sequence are evenly distributed. The balance degree of the chaotic sequence is good, as shown in Fig. 5a-d. It can also be seen that the values of the autocorrelation sidelobe and cross-correlation function of the ciphertext sequence are close to zero, indicating that the ciphertext encrypted by MTCNN shows good randomness and is not related to plaintext. Theoretically, the key space of conventional "AES128" is 2 128 ≈ 3.4 × 10 38 . The memristive neural network used in this work can act as the parameter of the key, and the parameter type and range of the proposed MTCNN method are presented in Table 2. The total key space size is equal to the product of all parameter spaces: are the key spaces for the parameters in Table 2. The key space of the proposed AES cryptosystem is much larger than that of the conventional AES system. Figure 6 shows the frequency detection for encryption with MTCNN. It should be noted that regardless of whether the plaintext has prominent statistical characteristics or randomness, the corresponding ciphertext has good randomness. This means that the ciphertext does not depend on the statistical characteristics of the plaintext. The algorithm has good plaintext independence and can effectively resist differential attacks. Furthermore, 20 poker tests were carried out, and the test results are shown in Table 3. According to 36 , the 20,000-bit random ciphertext encrypted by AES based on MTCNN is divided into 4-bit groups, and f (i) , the number represented by the 4-bit group elements, is counted. The statistic X is calculated by Eq. (6), which passes when 2.16 < X < 46.17.        Fig. 7, the proposed circuit level architecture has four modules, including MTCNN controller, 12-bit digital-to-analog converter (DAC), 12-bit analog-to-digital converter (ADC), and memristive amplifier. MTCNN controller is mainly used to complete the iterative algorithm of chaotic system, and to constantly output voltage excitation. DAC and ADC, using the 0.13-um COMS technology, are applied for the conversion between MTCNN controller and device-level circuit. (Pt/TiO 2 /Pt) memristors architecture are fabricated on top of CMOS in our laboratory. The CMOS and memristors are integrated by the hybrid technology. The working process is described as follows. Firstly, the initial output of MTCNN controller is converted into a voltage through 12-bit DAC. Then the current obtained by the memristor, through the amplifier circuit is convert to a voltage. Finally, the output voltage is sent back to MTCNN controller through ADC for calculation, and the next voltage is output.

Hardware simulations. As shown in
This circuit involves many conversions between analog and digital. The precision of the convertors has an important effect on working of the design. In addition, a small error from quantization accuracy may be continuously accumulated by the iterative process in the circuit, possibly leading to final wrong result. Therefor a 12-bit resolution DAC and ADC are very necessary for this work. In this work, both DAC and ADC are designed with conventional architecture. The current-steering DAC is designed based on an array of matched current sources which are binary decoded. Each switch of different weights is controlled by the input digital code and decides the magnitude of the current in each branch. Finally the output of the DAC is obtained by the summing circuit. The successive approximation register (SAR) ADC consists of sample-and-hold (S/H), comparator, DAC, and SAR logic control circuit. The switch procedure is realized with a binary search algorithm. That means that the input signal is compared with the reference voltage output by the DAC from the most significant bit (MSB) to the least significant bit (LSB). When input the signal, the switch of largest capacitor C R is turn on and the other capacitors are turn off. The first comparison is done by the comparator. If the input voltage is higher than the reference voltage, MSB is "1". Otherwise, it is "0". The switch of the largest capacitor becomes turn-off. Then we repeat the switch procedure until the LSB is approached. That means the final output digital code value is obtained. Each comparison and conversion are controlled by the clock signal generated by the SAR logic control circuit.
The results of circuit simulation based on 12-bit and 10-bit DAC/ADC are illustrated in Fig. 8. Both 12-bit and 10-bit DAC/ADC enables the chaos, which proving that the proposed MTCNN can be implemented in hardware. Furthermore, it obviously has richer chaotic dynamic characteristics with the 12-bit ADC/DAC than www.nature.com/scientificreports/ 10-bit, and its chaotic time is longer, which will increase the complexity and improve the security of encryption cryptosystem.

Discussion
Here, the impact of the variability of the memristor is discussed based on the proposed memristive neural network. Figure 9 shows the current-voltage (I-V) characteristics of the memristor model 18 . A pinched hysteresis loop is observed when a sinusoidal current is applied to the memristor in Fig. 9a. Figure 9b shows the conductance drift of the memristor from cycle to cycle. The typical conductance-voltage (G-V) characteristics of the memristor model is shown in Fig. 10. Figures 10a and c show when negative voltage pulses are applied to the memristor, the conductance increases gradually, while it decreases when reversed pulses are applied. Figures 10b and d show the white Gaussian noise is added to the device. The white Gaussian noise does not affect the conductance significantly. To further verify the influence of device variability on the chaotic system, we add these changes to the MTCNN. As shown in Figs. 11a and b, the chaotic process of the network after adding Gaussian noise is modified. However, as the chaotic state is still existed, the cryptosystem can still work. The device conductance drift is related to the scaling parameters b of the memristor. The effect of the scaling parameters on the network is shown in Figs. 11c and d. According to Table 2, when the offset of b is within 50%, it only takes effect on the duration of chaos. If the offset is more than 50%, there is no chaos state generated and the network does not work. The proposed network also shows the good performance under the consideration of the non-idealities of the device and some randomness, which proves it owns strong robustness. This is because unlike the lightweight cryptography, the proposed cryptography does not need absolute stability, and it just needs the general characteristics of memristors. Besides unlike the other improved AES cryptography, it takes the full advantage of the memristor and the chaos to realize "one-time-one-secret" dynamic encryption. This paper presents the prospect of the combination of memristor and encryption, which can significantly improve the safety of the conventional cryptography. However, the proposed system sacrifices some encryption efficiency because of the increase of the computational complexity, and owing to introducing the memristor, it is more difficult for hardware implementation, especially the compatibility of CMOS and memristor.

Conclusion
In summary, this paper proposes an improved AES cryptosystem based on MTCNN. By using the nonlinear characteristics of a memristor, a memristive neural network is constructed to generate a chaotic sequence with good random characteristics and is applied to improve the key of AES to realize "one-time-one-secret" dynamic encryption. Compared with conventional AES, this algorithm has better performance in image encryption with a more uniform-distribution histogram and a much larger key space. In addition, the proposed AES algorithm has good sensitivity and statistical properties, which can effectively improve the problems of fixed keys and key  www.nature.com/scientificreports/ spaces and can improve the anti-attack ability of the AES algorithm. This paper also fully considers the impact of device variability on the network, and also proposes a circuit level architecture. The hardware implementation of the model in this study with a real memristor and continuous optimization may be carried out in future research.

Data availability
The data that support the findings of this study are available from the corresponding author upon reasonable request.